2.0.12

CVSS 1.9 - LOW

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

eject

NVD

Published: 2003-12-31

Updated: 2017-07-29

Summary

eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information.

Vulnerable Configurations

Part	Description	Count
Application	Eject Eject Eject 2.0.10 Eject Eject 2.0.11 Eject Eject 2.0.12	3

References

http://archives.neohapsis.com/archives/bugtraq/2003-02/0278.html
http://www.securityfocus.com/bid/6914
https://exchange.xforce.ibmcloud.com/vulnerabilities/11380